logstash-plugins/logstash-input-elasticsearch

Exception: Faraday::SSLError

Closed this issue · 4 comments

I'm trying to use the Elasticsearch input, but I'm getting an error when I start the plugin. Below is my config and the error. I'm using the internal elastic super user account and the same certificate bundle that is used by all my other Logstash output pipelines to connect to Elasticsearch.

input {
  elasticsearch {
    ssl => true
    hosts => ["Host.FQDN.com:9200"]
    ca_file => "/certbun.pem"
    docinfo => true
    user => "elastic"
    password => "changeme"
    index => "rickflairwoo-*"
    query => '{ "query": { "match": { "_id": "woo1"} } }'
  }
}

[2019-08-23T10:52:34,172][ERROR][logstash.javapipeline    ] A plugin had an unrecoverable error. Will restart this plugin.
  Pipeline_id:RickFlair_Output
  Plugin: <LogStash::Inputs::Elasticsearch password=><password>, ca_file=>"/certbun.pem", hosts=>["Host.FQDN.com:9200"], query=>"{ \"query\": { \"match\": { \"_id\": \"woo1\"} } }", index=>"rickflairwoo-*", docinfo=>true, id=>"bc8e8cfe3e0735ad5078cc46ea513d0a6a57c11866ddf1a0db30fd3479b9623e", ssl=>true, user=>"elastic", enable_metric=>true, codec=><LogStash::Codecs::JSON id=>"json_5dfc1add-7d10-4393-a257-1cd954cf3ea2", enable_metric=>true, charset=>"UTF-8">, size=>1000, scroll=>"1m", docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"]>
  Error: Received fatal alert: handshake_failure
  Exception: Faraday::SSLError
  Stack: org/jruby/ext/openssl/SSLSocket.java:276:in `connect_nonblock'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/protocol.rb:44:in `ssl_socket_connect'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:985:in `connect'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924:in `do_start'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913:in `start'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465:in `request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:82:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:40:in `block in call'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:87:in `with_net_http_connection'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:32:in `call'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/rack_builder.rb:139:in `build_response'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/connection.rb:377:in `run_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/faraday.rb:23:in `block in perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/base.rb:262:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/client.rb:131:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-api-5.0.5/lib/elasticsearch/api/actions/search.rb:183:in `search'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:280:in `search_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:228:in `do_run_slice'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:209:in `do_run'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:197:in `run'
/Logstash/7.2/logstash-core/lib/logstash/java_pipeline.rb:309:in `inputworker'
/Logstash/7.2/logstash-core/lib/logstash/java_pipeline.rb:302:in `block in start_input'

The same happens to me, using:

output {
    elasticsearch {
            cacert => "/myca.crt"
            ssl => true
            hosts => [ "host1.fqdn" ]
            user => "elastic"
            password => "<pwd>"
            index => "logstash"
            manage_template => false
    }
}

Everything works fine, but:

input {
    elasticsearch {
        hosts => [ "host1.fqdn" ]
        user => "elastic"
        password => "<pwd>"
        ssl => true
        ca_file => "/myca.crt"
        index => "logstash-old"
    }
}

gives the same error as above. I think we are both using version 7.2.
EDIT: the problem is also the same in version 7.4.1.

This issue should be solved now in the new version 4.4.0 of this plugin https://github.com/logstash-plugins/logstash-input-elasticsearch/releases

What version of Logstash will this version be packaged with?

At the moment, I don't know exactly, because this is a separate topic and it is up to Product Management to plan when the new version will be integrated into Logstash.
Apart from that, please try out whether the plugin really solves your issue.

# list the currently installed plugin version
bin/logstash-plugin list --verbose | grep input-elastic
# upgrade to the most recent plugin version
bin/logstash-plugin install --version 4.4.0 logstash-input-elasticsearch

If yes, you can keep it; otherwise, downgrade to the older built-in version you had before.